Sunday, January 28, 2018

8 ways to generate random password in Linux

Learn 8 different ways to generate random password in Linux using Linux native commands or third party utilities.

Different ways to generate password in Linux
In
this article, we will walk you through various different ways to
generate random password in Linux terminal. Few of them are using native
Linux commands and others are using third party tools or utilities
which can easily be installed on Linux machine. Here we are looking at
native commands like openssl, dd, md5sum, tr, urandom and third party tools like mkpasswd, randpw, pwgen, spw, gpg, xkcdpass, diceware, revelation, keepaasx, passwordmaker.
These
are actually ways to get some random alphanumeric string which can be
utilized as password. Random passwords can be used for new users so that
there will be uniqueness no matter how large your user base is. Without
any further delay lets jump into those 15 different ways to generate
random password in Linux.

Generate password using mkpasswd utility

mkpasswd comes with install of expect package on RHEL based systems. On Debian based systems mkpasswd comes with package whois. Trying to install mkpasswd package will results in error –No package mkpasswd available. on RHEL system and E: Unable to locate package mkpasswd in Debian based.
So install their parent packages as mentioned above and you are good to go.
Run mkpasswd to get passwords

Shell

1

2

3

4

5

6

7

root@kerneltalks# mkpasswd << on RHEL

zt*hGW65c

root@kerneltalks# mkpasswd teststring << on Ubuntu

XnlrKxYOJ3vik

Command
behaves differently on different systems so work accordingly. There are
many switches which can be used to control length etc parameters. You
can explore them from man pages.

Generate password using openssl

Openssl
comes in build with almost all the Linux distributions. We can use its
random function to get alphanumeric string generated which can be used
as password.

Shell

1

2

3

4

root@kerneltalks# openssl rand -base64 10

nU9LlHO5nsuUvw==

Here, we are using base64 encoding with random function and last digit for argument to base64 encoding.

Generate password using urandom

Device file /dev/urandom is another source of getting random characters. We are using tr function and trimming output to get random string to use as password.

dd command to generate password

We can even use /dev/urandom device along with dd command to get string of random characters.

Shell

1

2

3

4

5

6

7

root@kerneltalks# dd if=/dev/urandom bs=1 count=15|base64 -w 0

15+0records in

15+0records out

15bytes(15B)copied,5.5484e-05s,270kB/s

QMsbe2XbrqAc2NmXp8D0

We need to pass output through base64
encoding to make it human readable. You can play with count value to
get desired length. For much cleaner output, redirect std2 to /dev/null. Clean command will be –

Using md5sum to generate password

Another
way to get array of random characters which can be used as password is
to calculate MD5 checksum! s you know checksum value is indeed looks
like random characters grouped together we can use it as password. Make
sure you use source as something variable so that you get different
checksum every time you run command. For example date ! date command always yields changing output.

Shell

1

2

3

4

root@kerneltalks# date |md5sum

4d8ce5c42073c7e9ca4aeffd3d157102-

Here we passed date command output to md5sum and get the checksum hash! You can use cut command to get desired length of output.

Generate password using pwgen

pwgen package comes with repositories like EPEL. pwgen
is more focused on generating passwords which are pronounceable but not
a dictionary word or not in plain English. You may not find it in
standard distribution repo. Install the package and run pwgen command. Boom !

You will be presented with list of passwords at your terminal! What else you want? Ok. You still want to explore, pwgen comes with many custom options which can be referred for man page.

Generate password using gpg tool

GPG
is a OpenPGP encryption and signing tool. Mostly gpg tool comes
pre-installed (at least it is on my RHEL7). But if not you can look for gpg or gpg2 package and install it.
Use below command to generate password from gpg tool.

Generate password using xkcdpass

Famous geek humor website xkcd, published a very interesting post about memorable but still complex passwords. You can view it here. So xkcdpass tool took inspiration from this post and did its work! Its a python package and available on python’s official website here
All
installation and usage instructions are mentioned on that page. Here is
install steps and outputs from my test RHEL server for your reference.

Click to expand

Now running xkcdpass command will give you random set of dictionary words like below –

Shell

1

2

3

4

root@kerneltalks# xkcdpass

broadside unpadded osmosis statistic cosmetics lugged

You can use these words as input to other commands like md5sum to get random password (like below) or you can even use Nth letter of each words to form your password!

Shell

1

2

3

4

5

6

7

root@kerneltalks# xkcdpass |md5sum

45f2ec9b3ca980c7afbd100268c74819-

root@kerneltalks# xkcdpass |md5sum

ad79546e8350744845c001d8836f2ff2-

Or
even you can use all those words together as such a long password which
is easy to remember for a user and very hard to crack using computer
program.
There are tools like Diceware, KeePassX, Revelation, PasswordMaker for Linux which can be considered for making strong random passwords.